Hacking Team, an Italian firm which came under attack for selling hacking tools to governments with dubious human rights records, reportedly showed its spy technology to a security agency in Bangladesh dubbed by Human Rights Watch a “death squad.”

Some 400 gigabytes of Hacking Team's internal documents and
source code were leaked online after the Milan-based company
became the target of a hacker attack over the weekend, exposing
deals with countries such as Sudan and Saudi Arabia.

Just two months ago, a Hacking Team representative traveled to
the Bangladeshi capital Dhaka for “a practical
demonstration” of the company's surveillance equipment
“in the ground settings of Bangladesh,” according to the
company’s emails reviewed by the Intercept.

Last month, a reseller for Hacking Team in Bangladesh reported
that he had submitted the bid papers for the deal with The Rapid
Action Battalion which, according to Human Rights Watch, has been “responsible
for numerous acts of torture and other ill-treatment, arbitrary
arrests, and approximately 800 killings over the last 10
years.”

Hacking Team has also supplied its technology to the DEA, which
as one leaked email reveals, is using the spyware to launch
surveillance operations from the US embassy in Bogota. The email
also suggests that apart from the Hacking Team technology, the
DEA is also using other spying equipment at the embassy in
Colombia.
The Intercept's Ryan Gallagher, who says he has been reading
through the hacked file, reported that one of Hacking Team’s key
corporate partners is an Israel-based company with close links to
Israeli military and intelligence agencies. According to his
biography, Nice Systems's CEO Barak Eilam was
formerly an officer with an “elite intelligence unit” in
the IDF.

The leaked Hacking Team documents show that Nice has been
involved in closing a number of deals for the company across the
world, with contracts in Azerbaijan and Thailand. He has been
credited with pushing for sales in Brazil, Kuwait, Finland,
Georgia, Greece, India and Uzbekistan, just to name a few.

The firm's ties with Sudan have already caused a major
embarrassment, given that Hacking Team has previously publicly
denied selling its tools to Khartoum. Among the leaked documents
was the one showing how the firm required the Sudanese government
to pay €480,000 ($530,000) by wire transfer for "remote
control" systems used to access a target's personal data.

Last year, reporters Without Borders listed the company, which
has always maintained that it legally sold its products to be
used for law enforcement on its Enemies of the Internet index.

The leak appeared to be a major blow to Hacking Team’s
reputation. Speaking to the International Business Times in the wake of
the cyber attack, the company's spokesman Eric Rabe brushed off
allegations from journalists and activists saying Hacking Team
has been dealing with “despotic regimes.”

Rabe said: “We don’t have anything to hide about what we are
doing and we don’t think that there is any evidence in this 400GB
of data that we have violated any laws and I would even go so far
as to argue that there is no evidence that we have behaved in
anything but a completely ethical way.”

UK police agencies 'trialing' Hacking Team technology

The leaked documents cited by the Intercept show that police
agencies in the UK have also tested Hacking Team’s controversial
technology, and have been attempting to purchase it for years.
According to the leaked data, they have been hindered by
“some concerns to do with legal authority” of the
technology.

In May 2011, Hacking Team arranged a secret meeting with several
interested British agencies, and was told that attendees may
include London’s Metropolitan Police, the government’s Home
Office, domestic intelligence agency MI5, customs officials and
the Serious and Organised Crime Agency.

According to the leaked documents, two years after this meeting
the Metropolitan Police told Hacking Team that it was “now
ready to progress” with a trial of the spying tool. In 2013,
it invited Hacking Team to formally submit a bid for a spy
technology contract. A confidential document, cited by the
Intercept, specified that the force wanted to obtain
“'software' that can be covertly introduced to a third
parties device and will allow us to ‘Look, Listen and Follow’ the
third party. The Authority will receive, record and playback the
‘Product’ retrieved from the third party on a 'System' that shall
be scalable, using proven technology that has in-built security
measures appropriate to this task.”
The deal, worth £385,000, was cut short in 2014 following
“internal reviews on how we wished to move this area of
technology forward,” according to an email from the police.
However, a future deal was not excluded, with the email stating:
“Of course in the months/years to come this could change and
if that is the case then we would welcome your organization’s
participation.”

The identity of those who leaked the sensitive information from
Hacking Team remains unknown. The company said that before the
attack it “could control who had access to the technology,
which was sold exclusively to governments and government
agencies. Now, because of the work of criminals, that ability to
control who uses the technology has been lost. Terrorists,
extortionists and others can deploy this technology at will if
they have the technical ability to do so. We believe this is an
extremely dangerous situation,” Hacking Team said.